collibra articles

5 Ways to Fast Track Business Value Out of Collibra’s GDPR Accelerator

By FSFP

The European Union’s General Data Protection Regulation (GDPR), which went into effect today on May 25, is bringing its data protection guidelines to US-based companies that do business in the European Union. For organizations who depend on Collibra — or for those considering implementing this data governance platform — Collibra’s GDPR Accelerator can fast track companies on their way to GDPR compliance.

Collibra’s GDPR Accelerator provides an extended data governance operating and asset model that’s built into the Collibra platform and tailored for the GDPR. The operating model addresses GDPR-related roles and responsibilities, and the asset model defines the information needed to manage GDPR.

If you’re familiar with Collibra but new to its accelerator, here are five ways your company can fast track business value from its built-for-GDPR configuration.

UNDERSTANDING THE ACCELERATOR’S ASSET MODEL

Each company is unique and has its own business model and specific concerns about GDPR that might not be the same concerns that another company has. To get the most benefit from the accelerator, it’s important to understand how Collibra has configured the 19 GDPR domains. (A domain is a logical grouping of assets according to their function, project or knowledge area.)

Because GDPR compliance means different things to different companies, some of the accelerator’s modules may not be needed by your company. For example, GDPR’s Article 8 addresses personal data of a child. You may not work with children, so this aspect of the regulation will not apply. By understanding the accelerator’s asset model, you can focus on areas that matter the most to your business and disregard the areas that don’t apply. The result of this focus will be a GDPR model that is relevant to your business.

LEVERAGE GOVERNANCE WORK YOU’RE ALREADY DOING

While the GDPR Accelerator is an add-on, it’s not distinct from the Collibra platform. The cohesive platform will allow you to build upon the assets you already have in Collibra. For example, if you have business terms or physical data dictionaries that are categorized as personally identifiable information (PII) or sensitive personal data in Collibra, you can count yourself ahead of the GDPR game. If you choose to use the accelerator, you won’t need to rediscover your GDPR-relevant information or recreate it — you’ll just need to move the appropriate assets into the appropriate GDPR accelerator modules. This organization allows for a clear picture of GDPR-relevant assets and how they relate to each other.

At its core, the accelerator is about your company’s data and the business processes and associated processing activities that use or manipulate the data. Traditional Collibra work couples nicely with the accelerator. If your company has GDPR-relevant processes, you’ll be able to work with GDPR modules that let you store all of the relevant information regarding the processes such as relevant data, systems, jurisdictions, legal basis, Personal Information categories, data subject categories, etc. (That’s  just to name a few, as there are a whole host of GDPR-relevant items offered in the accelerator that are of great help in striving toward full compliance.)

Again, the data governance work you’re already doing in Collibra supports GDPR compliance — and this benefit cannot be understated. If paired with the accelerator modules and leveraging the assets that already reside in Collibra, companies can find themselves with a big jumpstart on GDPR compliance.

DATA GOVERNANCE IS THE FOUNDATION OF GDPR

Your data governance program managers must play a coordinating role. In GDPR, it’s an interdisciplinary effort — you also have to have the legal department, chief privacy, information security officer, various IT stakeholders and procurement or vendor management.

The Data Governance area is the best-placed organizational unit to do the coordination of the GDPR among all these units. And because Data Governance is involved and is using Collibra, the overall operating model of this typically rather diverse task force doing GDPR is underpinned by Collibra because the governance area is playing the role to coordinate GDPR. Because Data Governance is doing the coordination and because it’s the tool of choice, Collibra offers the solid structure needed to support the entire project and allows visibility to all the information the diverse teams are contributing to build the entire GDPR picture for the company. Not only does Collibra allow visibility into information, but it also provides the knowledge of who the key players across the company are for assets. This helps a user to know who to turn to for questions or issues.

Things to consider: The GDPR needs to be coordinated by the data governance office, but it’s also important to realize there needs to be data governance around the use of the powerful technology Collibra offers. Companies want adoption, trust and success from Collibra. To ensure these things, governance around Collibra setup and usage goes a long way. For example, what will the community and domain naming conventions be so they are intuitive to business users?  What will the process be to add a new business term or GDPR-relevant term once the initial upload is complete? Will you implement workflows and if so, which ones work best for your company structure and culture? As with every successful project, a plan and guidance is critical.

INTEGRATE WHAT YOU KNOW ABOUT ASSETS WITH PROCESSES

In the past, Collibra was heavily focused on data assets — understanding them and who is accountable for them. With the addition of the accelerator, it’s the first serious effort where we now can integrate what we know about data assets with what we know about business processes.

While this is confined to GDPR, the benefits actually go further. Data Sovereignty laws will no doubt continue to emerge and the accelerator puts companies in a position to respond quickly, because ultimately the accelerator is allowing companies to know where and how their data is being used. With the accelerator, companies can realize benefits that go beyond GDPR.

BETTER UNDERSTAND DATA

Using the accelerator forces you to understand your data. The accelerator allows companies to show the full picture with the configuration of the 19 GDPR domains that include GDPR-specific attributes and the available relationships among the domains to build a complete picture of data knowledge, security and people accountability.

  • Understanding data: What questions do companies need to ask to start understanding their data?
  • What data do you have: Do you have PII, PSI, or PCI? Have you established categories of data, for example, what elements make up the contact information category?
  • Where is your data: What platforms, databases, servers, third parties or different countries/jurisdictions does your data reside or get processed in?
  • How is it used: What type of processing, storage, or sharing is done, or are there usage policies for certain data sets?
  • Why do you have the data: What’s the legal basis for having the data and processing it? Do you need to keep all the data and for how long? Do you have retention periods?

This is a short list of examples that the accelerator helps companies to answer in a meaningful and organized way that logically relates all the information to the relevant pieces and creates your company’s custom GDPR picture.

Remember that understanding your data is critical to being able to secure your data, and the accelerator puts all the pieces together for companies to successfully show security and data understanding. With Collibra, the information is captured and you can visualize the flow. If a picture is worth a thousand words, the Collibra traceability diagrams are a powerful feature that literally allows the user to create the picture they need. And when combined with the accelerator, GDPR traceability is a big part of the picture. As a result, it’s more reliable information and you can do it more efficiently than by using an expensive internal resource.

WHAT COMES NEXT?

If you’re using Collibra today or are considering bringing it in to your company and if GDPR is of importance to you, consider taking advantage of the accelerator.

If GDPR isn’t on your radar, know that there are growing legal concerns about how companies manage data. These types of regulations will likely only increase over time, and your business’ focus on them will likely grow, too. While the accelerator is GDPR-focused, it may also help you with the broader concerns about data, legal and privacy matters. This could stretch your Collibra investment even further.

Collibra is bringing incremental updates to the accelerator throughout the year, and we hope to share more ways that its accelerator can fast track greater value for your business.

First San Francisco Partners (FSFP) is not a law firm nor does it represent one. Therefore, neither FSFP, nor any of its employees, consultants and sub-contractors, provide legal advice on data privacy regulations (e.g., GDPR).
FSFP expects that any enterprise that engages FSFP leverages the enterprise’s Legal and Data Privacy experts, often with outside Counsel, to interpret the data privacy regulation or law (e.g., GDPR) as they require.
Furthermore, FSFP expects that the designated enterprise’s Legal and Data Privacy expert(s) participate throughout any engagement involving FSFP to provide advice, guidance and interpretation (along with advice and/or guidance from designated outside Counsel) of the impact of the data privacy regulation or law (e.g., GDPR) on the enterprise.
FSFP’s role is not to provide this advice and/or guidance, but rather FSFP partners with the appropriate enterprise Legal and Data Privacy experts and other key personnel in Data Governance, IT, Risk, Procurement, etc., to translate the Legal and Data Privacy experts’ interpretation into operationalized practices supporting data privacy compliance.
FSFP does not guarantee compliance with any applicable laws and/or regulations (e.g., GDPR) in any jurisdictions (e.g., the European Union.) The expectation is that the enterprise reviews and vets the FSFP work products – including, but not limited to – content, deliverables, Readiness Assessment tools (e.g., GDPR) – essentially all artifacts – with accredited legal experts for final opinions.

You have Successfully Subscribed!